Press Ctrl/Cmd + P to print
or save as PDF

HOW TO: add CAPTCHA protection to your WordPress site

Add CAPTCHA protection to your WordPress site

What is CAPTCHA?

CAPTCHA is an effective tool that you can use to prevent your contact forms from being used by automated bots, sometimes called spambots, to post spam on your site. CAPTCHA protection works by displaying an image containing text on each contact form. Users need to type the displayed CAPTCHA text before they can submit the form. Because automated bots are unable to read and type the text displayed in the CAPTCHA image, they can’t use your forms to generate spam.

CAPTCHA text

There are two steps you need to complete to add CAPTCHA protection to your WordPress site:

  1. Install and activate a CAPTCHA plugin.
  2. Choose your CAPTCHA settings.

Note:
There are several CAPTCHA plugins available for WordPress. In this example, we’re using the SI CAPTCHA Anti-Spam plugin, but you are free to choose a different plugin. The procedure for installing, activating, and configuring another plugin may be different. Refer to the plugin’s documentation for more information.

Installing and activating the CAPTCHA plugin

Firstly, Log in to your WordPress Dashboard as an admin. Click Plugins Add New.

Add new CAPTCHA plugin

Secondly, In the Keyword search box, type captcha. In this example, we’re installing the SI CAPTCHA Anti-Spam plugin. Click Install Now. The Install Now button changes to Installing.

Install CAPTCHA

Thirdly, when the installation is complete, the button displays Activate. Click Activate.

Activate the plugin

Next, The plugin is now active and appears in the Installed Plugins list in your WordPress Dashboard.

Choosing & Changing Settings

Choosing Settings

Now that the plugin is active, you can choose the types of forms that will be protected by CAPTCHA. You can also change the messages that are displayed with your CAPTCHA.

After that, In your WordPress Dashboard, click Plugins Installed Plugins SI Captcha Options.

SI Captcha Options

After installing CAPTCHA, comment, registration, and missed password forms are automatically allowed. Since these are the most frequently targeted forms kinds of automated bots, we suggest that you leave these default settings in place.

There are two other default settings that you may want to change:

  • Login form –
    The login form does not automatically enable CAPTCHA security. Since login forms require a valid username and password, they are usually not targeted by spambots and do not need protection from CAPTCHA. However, if you are concerned about brute force attacks on the login page or suspect that your site users’ usernames and passwords have been compromised, you can enable CAPTCHA on login forms for additional protection.
  • No CAPTCHA remark for clients logged in –
    This environment is automatically activated and implies that registered users of the website who are presently logged in and have entered their usernames and passwords effectively do not see a CAPTCHA on the submission form.. To maximize protection on your comment forms and require CAPTCHA for currently logged in users, disable this setting.

Changing Settings

Click Save Changes to select your form kinds and make any adjustments to the Options and Error Messages sections

Tip:
For more information about a setting, click help.

Help

That’s it! CAPTCHA is now protecting your WordPress site from spambots.

Read our next article – WordPress Housekeeping.